LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   /var/log/messages full of these messages. Should I be concerned? (http://www.linuxquestions.org/questions/linux-security-4/var-log-messages-full-of-these-messages-should-i-be-concerned-170505/)

mdavis 04-15-2004 09:58 AM

/var/log/messages full of these messages. Should I be concerned?
 
pam_timestamp_check: pam_timestamp: '/var/run/' owner UID !=0
last message repeated 7 times
last message repeated 13 times
last message repeated 13 times
last message repeated 13 times
last message repeated 13 times
last message repeated 13 times
last message repeated 13 times
vsftpd: warening: can't get client address: Bad file descriptor


and it goes on and on

These messages were all logged within 5 minutes of each other.

Should this concern me?

thanks,
Michael

ugge 04-15-2004 11:23 AM

The repeat message only tels you that the message happened more times than what is written to the log. This behavior is to shorten down the log files.

If the original message is a message of concern, then these additional are of course of concern too.

mdavis 04-15-2004 11:28 AM

Thanks ugge,

Sorry - the 'last message repeated xx times' errors were included just to show how often I am receiving them.

The lines in question are the lines beginning with 'PAM_' & 'VSFTP'. Should I be concerned about those two lines in particular?

thanks,
Michael

chort 04-15-2004 11:32 AM

Well, check the permissions on /var/run

$ ls -ld /var/run

see who the owner is (apparently it's not root). If it's a totally unexpected users, your system might have been compromised, or more likely a bad software install changed the owner of that directory and you just need to change it back.

# chown root /var/run

mdavis 04-15-2004 03:41 PM

It was owned my mysql. Probably believable.

I CHOWNed it to root and that fixed the error. Thanks.

Any ideas on the 'vsftpd: warning: can't get client address: Bad file descriptor" error message? I get that message almost exactly every 10 minutes.

Just got a new message as well. 'http: gethostby*.getanswer: asked for "www.teenmodel-manu.com in AAAA" got type "A"

and NO - teenmodel-manu.com is NOT my domain. :-)

thanks for any advise you can give.
Michael

mdavis 04-16-2004 10:08 AM

Found and fixed the VSFTP error message. Apparently VSFTP.conf has to be changed to turn off TCPWrapper from YES to NO. There is some compatability issue with them turned on.

Thanks for your help.


All times are GMT -5. The time now is 02:02 PM.